Description
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
Release | Status | Note |
---|---|---|
artful | ignored | end of life |
bionic | ignored | end of standard support, was needed |
cosmic | not-affected | 3.8.3 |
devel | not-affected | 3.8.3 |
disco | not-affected | 3.8.3 |
eoan | not-affected | 3.8.3 |
esm-apps/bionic | released | 3.5.2-0ubuntu4.1.18.04.1~esm1 |
esm-apps/focal | not-affected | 3.8.3 |
esm-apps/jammy | not-affected | 3.8.3 |
esm-apps/xenial | released | 3.5.2-0ubuntu4.1.16.04.1~esm1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High